This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 12 Issue: 6
(June 2015)


Ministers from the Justice and Home Affairs (‘JHA’) Council of the European Union (‘the Council’) sealed, on 15 June 2015, a general approach on the European Commission’s (‘the Commission’) proposal for a General Data Protection Regulation (‘GDPR’). The Council reached agreement on a number of provisions, including powers for data protection authorities to issue penalties of up to €1 million or up to 2% of global annual turnover and rules to establish the so-called ‘one-stop-shop.’ The agreement also means that the European Parliament (‘the Parliament’), Commission, and the Council can now officially enter into a trilogue discussion in order to reach a consensus on the proposed text. Data Protection Law & Policy spoke with a number of leading experts to gauge their reactions to the Council’s agreement. / read more

The Ministry of Industry and Information Technology (MIIT) published, on 19 May 2015, measures entitled, ‘Administrative Measures for Communications Short Message Information Services’ (‘the Measures’). The general purpose of the Measures is to implement the ‘Decision on Strengthening of Protection of Information on Information Networks,’ which prohibits telecommunications service operators, including short message service operators (‘SMS Operators’), from sending commercial SMS without the recipients’ consent. / read more

The Canadian House of Commons passed, on 18 June 2015, the Digital Privacy Act (Bill S-4) (‘the Act’), which includes amendments to the Personal Information Protection and Electronic Documents Act (‘PIPEDA’). Under the Act, an organisation will be required to notify the Office of the Privacy Commissioner (‘OPC’) following a breach of security safeguards involving personal information under its control, and when there is a real risk of significant harm to individuals from the breach. Organisations will also be required to notify affected individuals in these circumstances. Furthermore, organisations will also be required to keep records of each and every breach involving personal information under its control. / read more


‘Privacy protection is a prerequisite to individual security, self-fulfilment and autonomy as well as to the maintenance of a thriving democratic society.’ This solemn statement of the Canadian Supreme Court was cited by David Anderson QC as a central justification for his stance in the statutory review of the operation and regulation of investigatory powers in the UK. It should not take much convincing to believe that privacy allows us to think, create and choose. The suppression of personal privacy is bound to lead to certain choices and behaviours. Crucially, privacy is an ally of freedom because, among other things, it empowers citizens against the state. In other words, privacy is a necessary ingredient of democracy and, as a result, privacy intrusions should always be resisted. But life is more complicated than that. / read more

Singapore is an economic powerhouse, ranking ninth globally in 2014 in terms of GDP per capita, which is no small feat given the size of the country and the fact that Singapore does not have the natural resources that its neighbours enjoy. According to Tharishni Arumugam, Regional Privacy Counsel at Aon, Singapore’s growth is due to its focus on the development of skills and knowledge, capitalising on the enduring value of these intangible assets. The country has never rested on its laurels, and it recently announced its latest plan - to be the world’s first Smart Nation. Arumugam examines the privacy and data security implications of the Smart Nation concept. / read more

A proposed bill to modify Act CXII of 2011 on the Right of Informational Self-determination and on Freedom of Information (‘the Proposal’) has been published by the Hungarian Justice Ministry for discussion purposes. Its purpose is to further develop data protection rules and the right of access to public information, utilising the practical experience gained since the entry into force of the Act, on 1 January 2012. Márton Domokos, Senior Associate at CMS Cameron McKenna LLP, takes a look at the proposed provisions regarding Binding Corporate Rules (‘BCRs’), the introduction of administrative obligations regarding data security breaches, and the increased powers of the Hungarian Authority for Data Protection and Freedom of Information (‘NAIH’). / read more

One trend in sport that is becoming increasingly prominent is the capture (and subsequent processing) of athlete data via wearable devices. While this is usually done for medical, training or performance purposes, the desire on the part of sports bodies to identify new revenue streams is strong and there is no doubt that the demand for this kind of data is growing. Alongside the technological difficulties, one of the most significant obstacles to the successful commercialisation of that data is data protection. Nick White, Partner at Couchmans LLP, examines the treatment of athlete personal data gathered via wearable technology and does so through the lens of the recent general approach adopted by the Council of the European Union (‘the Council’) on 15 June 2015 concerning the proposed draft General Data Protection Regulation (‘GDPR’). / read more

In Part I of this series on the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (‘2015 Act’), Peter Leonard, Partner at Gilbert + Tobin, reviewed how and why the Australian Parliament enacted this legislation and assessed the criteria used to determine to whom the data retention obligations attach. Leonard now examines, in Part II of the series, the kinds of information that must be retained and who can access this information. The financial and data security issues arising from the new retention regime are also considered. / read more

On 8 April 2015, the Employment Appeal Tribunal (‘EAT’) handed down its judgement in the case of Chersterton Global Ltd and Mr Neal Verman (Claimant) v. Mr M. Nurmohamed (Respondent) UKEAT/0335/14/DM. The judgment is significant, as it is the first reported EAT-level decision dealing with the meaning of ‘in the public interest’ in the context of protected disclosures (i.e. whistleblowing). This article will provide an overview of the applicable law, the facts of Chersterton, and discusses what the EAT’s decision means for employees considering making protected disclosures. / read more

On 28 May 2015, the Colombian Data Protection Authority (‘SIC’) published its ‘Guidelines to Implement the Accountability Principle’ (‘the Guidelines’), which contain instructions on how to design and implement an Integral Personal Data Stewardship Program (‘the Program’). Irene Velandia, Associate at Brigard & Urrutia, examines the measures which, if implemented by a data controller operating in Colombia, will guarantee compliance with the Organisation for Economic Co-operation and Development’s accountability principle. The article also presents how Colombia is one step closer to achieving the highest standards of data protection in Latin America. / read more

On 26 May 2015, the Dutch Upper House of Parliament passed a bill concerning mandatory notification of data breaches. Once mandatory notification comes into force (which is expected to be effective on 1 January 2016), non-compliance will be punishable with a fine of up to 10% of annual turnover. In anticipation of the new breach notification requirements, this article sets out the possible consequences and the recommended steps organisations should take to ensure they are well prepared for meeting them. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed